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The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

Responsive to communication(s) filed on 16 November 2001 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Ciaim(s) is/are allowed. 

6) KI Claim(s) 1-24 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) S The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 16 November 2001 is/are: a)Q accepted or b)S objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)Q None of: 

1 .□ Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. Claims 1-24 are pending and have been examined. 

Drawings 

2. New corrected drawings in compliance with 37 CFR 1 .121 (d) are required in this 
application because the handwritten reference characters on figures 1 and 3 are not 
clear. Applicant is advised to employ the services of a competent patent draftsperson 
outside the Office, as the U.S. Patent and Trademark Office no longer prepares new 
drawings. The corrected drawings are required in reply to the Office action to avoid 
abandonment of the application. The requirement for corrected drawings will not be held 
in abeyance. 

3. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they do not include the following reference sign(s) mentioned in the 
description: 32 (page 19, perhaps it was intended "referring back to fig. 2"), 100A-F (fig 
4). Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply 
to the Office action to avoid abandonment of the application. Any amended replacement 
drawing sheet should include all of the figures appearing on the immediate prior version 
of the sheet, even if only one figure is being amended. Each drawing sheet submitted 
after the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held 
in abeyance. 
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Specification 

4. The abstract of the disclosure is objected to because it appears to be missing the 
word "is" between "data" and "maintained" in line 5. Correction is required. See MPEP 
§ 608.01(b). 

5. The disclosure is objected to because of the following informalities: "CRT", "LED" 
(page 8, line 21); "XML" (page 11, line 13). While well known in the art, these terms 
have not been defined. 

Claim Objections 

6. Claim 17 is objected to because of the following informalities: the first limitation 
of the claim ends with a period ("."), perhaps a semi-colon (";") was intended. 
Appropriate correction is required. 
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Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

8. Claims 1, 3-4, 6-7, 9-11, 16, 18-20, and 22-24 are rejected under 35 
U.S.C. 102(a) as being anticipated by O'Flaherty et al. (US Patent Number 
6,275,824, hereinafter "O'Flaherty"). 

Regarding claim 1, O'Flaherty teaches a data management system, comprising: 
an access control system for limiting access to the data management system to 
authorized entities (column 11, lines 35-60); a data confidentiality system for identifying 
and concealing confidential details in received data (column 8, lines 10-61); a data 
storage system for storing the received data (column 4 t lines 1-67); and a data update 
system for examining stored data to identify and expose non-confidential details 
(column 4, lines 60-67, column 5, lines 1-63). 

Regarding claim 16, O'Flaherty teaches a method for managing data, 
comprising: receiving data in a secured manner from an authorized provider (column 
1 1 , lines 35-60); identifying and concealing confidential details in the received data 
(column 8, lines 10-61); storing the received data (column 4, lines 1-67); and updating 
the stored data by identifying and exposing non-confidential details in the stored data 
(column 4, lines 60-67, column 5, lines 1-63). 
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Regarding claim 20, O'Flaherty teaches a program product stored on a 
recordable medium for managing data, which when executed, comprises: an access 
control system for limiting access to the data management system to authorized entities 
(column 11, lines 35-60); a data confidentiality system for identifying and concealing 
confidential details in received data (column 8, lines 10-61); a data storage system for 
storing the received data (column 4, lines 1-67); and a data update system for 
examining stored data to identify and expose non-confidential details (column 4, lines 
60-67, column 5, lines 1-63). 

Regarding claims 3, 18, and 22, O'Flaherty teaches wherein stored data is 
analyzed with a data analysis system (column 9, lines 55-67, column 10, lines 1-49). 

Regarding claims 4, 19, and 23, O'Flaherty teaches wherein the data analysis 
system is permitted to analyze the stored data based upon approval by full rights 
members of the data management system (column 8, lines 10-67). 

Regarding claim 6, O'Flaherty teaches wherein the received data and the stored 
data are operational risk data (column 4, lines 1-67). 

Regarding claim 7, O'Flaherty teaches wherein the system mitigates operational 
risk (column 4, lines 1-67). 

Regarding claim 9, O'Flaherty teaches wherein the confidential details cannot 
be accessed by any entity (column 5, lines 15-67). 

Regarding claim 10, O'Flaherty teaches wherein the confidential details can 
only be accessed by a plurality of entities acting in concert (column 9, lines 15-55). 
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Regarding claim 11, O'Flaherty teaches a customer relationship management 
tool for verifying a policy of an entity (column 1 1 , lines 5-67). 

Regarding claim 24, O'Flaherty teaches wherein the received data is 
operational risk data (column 4, lines 1-67). 
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Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
O'Flaherty. 

Regarding claim 5, O'Flaherty does not expressly disclose wherein data 
management system is a tamper resistant, tamper evident, tamper sensitive, tamper 
reactive. However, Examiner takes Official Notice that the use of tamper 
resistant/evident/sensitive/reactive systems was conventional and well known. 
Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to use a tamper resistant/evident/sensitive/reactive system 
since Examiner takes Official Notice that it was conventional and well known. 

11. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
O'Flaherty, and further in view of Scott et al. (US Patent Application Publication 
2002/0082996, hereinafter "Scott"). 

Regarding claim 8, O'Flaherty does not expressly disclose wherein data is 
received based upon a randomly generated time interval. However, Scott teaches 
wherein data is received based upon a randomly generated time interval (page 3, 
paragraph 28). Therefore, it would have been obvious to one having ordinary skill in the 
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art at the time the invention was made to receive data at randomly generated time 
intervals. One of ordinary skill in the art would have been motivated to do so to provide 
flexibility on receiving data. 

12. Claims 2, 12-15, 17, and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over O'Flaherty, and further in view of Howard, JR. et al. (US Patent 
Application Publication 2001/0026619, hereinafter "Howard"). 

Regarding claims 2, 17, and 21, O'Flaherty teaches a data decryption system 
for decrypting received data (column 4, lines 60-67, column 5 ( lines 1-63, column 10, 
lines 50-60); approving systems for analyzing the stored data (column 4, lines 35-60). 
O'Flaherty does not expressly disclose a data verification system for verifying an 
accuracy of received data. O'Flaherty does teach using encryption (column 4, lines 60- 
67, column 5, lines 1-63, column 10, lines 50-60). Furthermore, Examiner takes Official 
Notice that verifying accuracy of received data was conventional and well known (i.e. 
using digital signatures). O'Flaherty does not expressly disclose a key security system 
for protecting encryption keys. However, Howard teaches a key security system for 
protecting encryption keys (page 12, paragraphs 164-165). Therefore, it would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to verify the accuracy of the received data and to use a key security system for 
protecting encryption keys. One of ordinary skill in the art would have been motivated to 
do so because verifying the accuracy of received data was conventional and well 
known, and to provide secure management of key material (Howard, page 1, 
paragraphs 1-16). 
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Regarding claim 12, O'Flaherty teaches a data management system, 
comprising: an access control system for limiting access to the data management 
system to authorized entities (column 1 1 , lines 35-60); a data decryption system for 
receiving and decrypting received operational risk data (column 4, lines 60-67, column 
5, lines 1-63, column 10, lines 50-60); a data confidentiality system for identifying and 
concealing confidential details in the received data (column 8, lines 10-61); a data 
storage system for storing received data after the confidential details have been 
concealed (column 4, lines 1-67); a data update system for examining stored data to 
identify and expose non-confidential details (column 4, lines 60-67, column 5, lines 1- 
63); a program approval system for approving systems for analyzing the stored data 
(column 4, lines 35-60). O'Flaherty does not expressly disclose a key security system 
for protecting encryption keys. However, Howard teaches a key security system for 
protecting encryption keys (page 12, paragraphs 164-165). Therefore, it would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to use a key security system for protecting encryption keys. One of ordinary skill in the 
art would have been motivated to do so to provide secure management of key material 
(Howard, page 1, paragraphs 1-16). 

Regarding claim 13, the combination of O'Flaherty and Howard teaches the 
limitations as set forth under claim 12 above. Furthermore, OTIaherty teaches wherein 
stored data is analyzed with a data analysis system (column 9, lines 55-67, column 10, 
lines 1-49). 
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Regarding claim 14, the combination of O'Flaherty and Howard teaches the 
limitations as set forth under claim 13 above. Furthermore, O'Flaherty teaches wherein 
the data analysis system is permitted to analyze the stored data based upon approval 
by full rights members of the data management system (column 8, lines 10-67). 

Regarding claim 15, the combination of O'Flaherty and Howard teaches the 
limitations as set forth under claim 12 above. Furthermore, O'Flaherty teaches wherein 
a provider submits the operational risk data to the data management system, and 
wherein a requester accesses the stored data (column 4, lines 1-67, column 5, lines 1- 
67, column 1 1 , lines 35-60). 
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Conclusion 



13. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. US Patent Application Publication 2004/0049679 to Meggle 
disclose using a tamper resistant/tamper evident authentication device. US Patent 
Numbers 6,224,486 and 6,425,828 to Walker et al. disclose the use of tamper 
evident/resistant/reactive/sensitive systems/memory. 

14. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David G. Cervetti whose telephone number is (571) 272- 
5861 . The examiner can normally be reached on Monday-Friday 7:00 am - 5:00 pm, off 
on Wednesday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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